Method and apparatus for controlling unsolicited messaging in real time messaging networks

ABSTRACT

A Voice over IP (VoIP) or Real Time Messaging (RTM) firewall device is claimed that protects VoIP or RTM network traffic by identifying and controlling the delivery of such network traffic that is unsolicited and undesired by the recipient (i.e. VoIP or RTM spam). The system involves applying a unique marking to RTM messages close to a point of message origination and then at a point close to message termination for the intended recipient examining a reputation store for information on the unique marking and using that information in conjunction with a set of policy rules to decide whether to pass, reject, pass on to an RTM store or otherwise filter the RTM message. The unique marking serves to identify a source characteristic of the message such as the message originator, a corporate affiliation for the originator, or a RTM network characteristic of the originator such as a transmission gateway.

This application claims the benefit of U.S. Provisional Application No.60/547,204, filed on Feb. 25, 2004, entitled Method and Apparatus forUsing Sender Identity to Control Unsolicited Messaging in Real TimeMessaging Networks, which application is incorporated herein byreference.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application relates to the following co-pending and commonlyassigned patent application: Ser. No. 11/019,092, filed Dec. 21, 2004,entitled Method and Apparatus for Controlling Unsolicited Messaging,which application is incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to a method and apparatus for using senderidentity to control unsolicited messaging in real time messagingnetworks.

BACKGROUND

There are two quite different types of electronic networks that areevolving: a standard telephone network and a data network (e.g., theInternet). The standard telephone network, such as a wireless telephonynetwork and the POTS network, is designed to carry real-time messagingcontent. Capacity is allocated in real-time bandwidth and once you havea connection of adequate bandwidth established between two points, datathat is delayed is viewed as a network fault. Examples of communicationsthat may be carried via a standard telephone network(s) include voicecommunications, multi-party conference calls, video conference calls, orthe like.

Another characteristic of standard telephone networks is that eachnetwork is typically owned and controlled by a small number (typically asingle company in the case of wireless networks) of large companies thathistorically have provided service directly to end users of the networkand therefore have a billing type relationship with them. Where aconnection is made through the facilities of another provider, there istypically a commercial contract in place between the two companies.These standard telephone networks, in part because of the relativelyclose relationship between the service vendors and network users, havethe characteristic that the originator of a call can be readilyidentified, allowing “caller ID” service to be readily implemented andto be widely known and in fact expected.

In contrast, the second type of network (e.g., data networks such as theInternet, LANs, WANs, VPNs, and the like) were designed to move mostlyone-way, non-real time data from point to point. In this type ofnetwork, the delay of data has typically not been regarded as a networkfault. Additionally, some data networks, particularly the Internet, arefar more disjoint than a standard telephone network. There are many morecompanies involved, and there is much less control of individualpoint-to-point end-user connections. It is typical that a company thatprovides transmission of data on the Internet has a tenuous commercialrelationship with the originators of most of the data packets that it iscarrying. In fact, many Internet service providers (ISPs) protect theprivacy and anonymity of their subscribers.

This tenuous commercial relationship with end users coupled with therelative ease with which the end-user computers that originate much ofthe traffic on the Internet can be anonymously enlisted in the serviceof third parties, leads to the fact that a “caller ID” type service isnearly impossible to implement on the Internet.

In recent years, these data networks have begun to evolve to providereal-time, two-way communications between parties. The communicationsmay include, for example, voice-over-IP (VoIP), instant messaging,interactive video conferencing (e.g., web meetings), or the like.

Using the electronic data networks for real-time, two-way communicationsprovides several advantages. In particular, using these electronicnetworks for real-time, two-way communications is relatively low costand easily accessible. The proliferation of networks throughout today'ssociety, particularly the Internet, has ensured ready access to acommunications device capable of communicating with any other individualcommunicatively coupled to the same network. Essentially anyone with acomputer, a personal data assistant, a wireless telephone, or the likecan connect to the Internet and communicate with someone at a remotelocation within seconds. Likewise, companies can use internal networks(e.g., WANs, VPNs, or the like) to allow geographically dispersedemployees to communicate in real-time using many of the sametechnologies. Notably, the communications can frequently occur withequipment already purchased as networks and access devices are generallyalready in place to handle data needs.

As this type of communication becomes more widespread, it willinevitably become a target for advertisers and telemarketers as a methodto distribute advertising messages in vast quantities. Because of thelow cost of distributing massive amounts of advertising, advertisers caneconomically transmit advertising communications with response ratesthat are orders of magnitude less than would be necessary to supportmore traditional means of advertising. Additionally, as discussed above,anonymity given to the sender prevents “do not call” lists and caller-IDtype mechanisms from providing an adequate solution.

Electronic mail (e-mail) has already seen this problem. E-mail is astore-and-forward communications method in which one-way communications(as opposed to a two-way communications) are sent from one network nodeto another network node until the final destination is reached, where arecipient may or may not retrieve a message or respond. Because e-mailis inexpensive and advertisers can transmit massive amounts of e-mailquickly (and often automatically), e-mail advertisements (e.g., junke-mail) are becoming a burden to networks and users alike. This use ofe-mail to send massive amounts of advertisements is known as the e-mail“spam” problem.

In order to enable real-time messaging (RTM) over the previously dataoriented structure of the Internet, an infrastructure of real timemessaging protocols has been developed and deployed. The protocolsinclude H.323; “Packet-based Multimedia Communications Systems”,International Telecommunications Union, February 1998, RFC 3261, “SIP:Session Initiation Protocol”, Internet Engineering Task Force, March1999, (SIP) for establishing real time communication sessions and RFC1889; “RTP: A Transport Protocol for Real Time Applications” (RTP),Internet Engineering Task Force, March 1999, for transmission of realtime data streams.

These RTM protocols, however, have the same characteristic as theInternet's email protocol (e.g., SMTP) in that they do not provide areliable way of identifying the sender of a message or the initiator ofa telephony connection, and of course they share the same transmissionmedia and therefore the same cost structure as email.

It is important to note that unsolicited RTM messages differ from emailspam in a number of important ways and therefore optimal solutions foridentifying and suppressing unsolicited RTM messages are likely todiffer from strategies that would be most effective on email spam. Forexample, RTM, is primarily interactive and involves the receiving personbeing interrupted. This is true whether the receiving individual choosesto accept the incoming RTM messaging session or not. A ringing phone oran incoming RTM message demands an immediate response, if only to choosenot to accept the call. With unsolicited RTM messages, therefore, damageand expense has occurred before any message content has been transmittedand suppression techniques during the session initiation phase are moreimportant for RTM messages.

A system that is currently used to identify callers in the publicswitched telephone network (PSTN) is that network's ‘Caller ID’ system.In this case an identification string associated with the source of anincoming telephone call is transferred to a display device at thereceiving end of a telephone call between the first and second ring. Thecontents of the identification string is information that is enteredinto a database by the phone company that the originating caller hascontracted with for telephone service. Because the phone companiestypically sell suppression of this string as an ‘unlisted number’service, it is of limited use in the suppression of unsolicited/unwantedRTM messages.

In addition, when messages originate from devices connected to theInternet, as opposed to the PSTN itself, there is no guarantee thatreliable caller ID data will be available.

Therefore, there is a need for a method and system to provide RTM endusers with the ability to identify unsolicited and/or unwanted RTMconnections or messages and, preferably, to control those messages, suchas by filtering them into those that are to be received immediately andthose that are to be suppressed, diverted or acted on automatically insome other way.

SUMMARY OF THE INVENTION

These and other problems are generally solved or circumvented, andtechnical advantages are generally achieved, by preferred embodiments ofthe present invention which relates to a method and apparatus for usingsender identity to control unsolicited messaging in real-time messagingnetworks.

In accordance with an embodiment of the invention, there is provided asystem for controlling unsolicited messaging in a real-time messaging(RTM) network. The RTM network may include a message originator and amessage recipient wherein the message originator initiatescommunications with the message recipient in accordance with callinitiation requests transmitted in the RTM network. In an embodiment,the system may include:

a signing gateway communicatively coupled to the RTM network signing andrelaying call initiation requests on behalf of at least one messageoriginator to provide an origination characteristic to the callinitiation requests; and

a verifying gateway communicatively coupled to the RTM network verifyingcall initiation requests on behalf of at least one message recipient todetermine origination characteristics and determining a delivery actionto selectively deliver the call initiation requests in response to theorigination characteristics.

Preferably, the signing gateway marks the call initiation requests withat least one of a digital signature, an originating internet protocol(IP) address, or by encrypting the call initiation request.

The system may also include a public key store coupled to the signinggateway and verifying gateway for providing a public key of aprivate/public key pair (or other marking information, such as IPaddresses) to the verifying gateway, and/or the signing gateway.

The system may also include one or more reputation information storescoupled to the verifying gateway, and/or the signing gateway wherein thereputation information store includes reputation information for themessage originators in association with respective originationcharacteristics.

The delivery action may comprise, for example, one or more of completingthe delivery of the call initiation request, rejecting the delivery ofthe call initiation request, and filtering the call initiation request.

Moreover, the RTM network may be configured to provide at least one ofvoice over internet protocol (VoIP) services, instant messaging (IM)services, and video conferencing services.

These and other aspects including one or more method aspects andcomputer program product aspects will be apparent to those of ordinaryskill in the art.

The foregoing has outlined rather broadly the features and technicaladvantages of the present invention in order that the detaileddescription of the invention that follows may be better understood.Additional features and advantages of the invention will be describedhereinafter which form the subject of the claims of the invention. Itshould be appreciated by those skilled in the art that the conceptionand specific embodiment disclosed may be readily utilized as a basis formodifying or designing other structures or processes for carrying outthe same purposes of the present invention. It should also be realizedby those skilled in the art that such equivalent constructions do notdepart from the spirit and scope of the invention as set forth in theappended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention, and theadvantages thereof, reference is now made to the following descriptionstaken in conjunction with the accompanying drawing, in which:

FIG. 1 is a block diagram of the architecture for controlling thedelivery of unsolicited RTM communications according to an embodiment ofthe present invention.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

The making and using of the presently preferred embodiments arediscussed in detail below. It should be appreciated, however, that thepresent invention provides many applicable inventive concepts that canbe embodied in a wide variety of specific contexts. The specificembodiments discussed are merely illustrative of specific ways to makeand use the invention, and do not limit the scope of the invention.

FIG. 1 illustrates the overall architecture and the communicationscontext of an RTM network in accordance with an embodiment of thepresent invention.

The RTM network may be any type of network that supports a messagingmodality that may be used in an interactive two-way conversational modebetween a plurality of communicating terminal devices over acommunications network. RTM may also be used to send messages to amessage store (i.e. a voice mailbox or integrated messaging mailbox),but RTM is distinguished from electronic mail in that it is designed tosupport two-way conversation. RTM includes protocols where thecommunication session is established using SIP or H.323 and messaging isdone via one or more of voice, video, text, whiteboard or multimediadata streams. Examples of real time messaging communications includeVoIP (Voice over Internet Protocol), video conferencing, and IM (InstantMessaging).

In normal operation of the real time messaging network, a messageoriginator 110 and a message recipient 114 participate in RTMcommunications via a RTM capable network 112 such as the Internet or aWAN (wide-area network). The message originator 110 may be, for exampleany terminal device that is capable of communicatively coupling to thenetwork 112 and that initiates an RTM call or invites a messagerecipient 114 to join an existing RTM call. Similarly, the messagerecipient 114 may be, for example, any terminal device that receives anRTM call or invitation to join an existing call. Typically, it isexpected that the message originator 110 and the message recipient 114connect to the network 112 via a service provider. Examples of terminaldevices include personal computers, laptop computers, mobile phones,personal data assistants (PDAs), pocket-PCs, functions/programs runningthereon, and the like.

Similar to a telephone number, an RTM message is communicated using adestination RTM address associated with a user who is intended toreceive the message. In FIG. 1 the message recipient 114 terminal deviceis configured to receive incoming RTM messages for the destination RTMaddress. A user may have one or more terminal devices that can receiveRTM messages destined for a given RTM address and may, like a home andoffice telephone number, have one or more RTM addresses associated withhimself.

In order for an RTM message to be delivered, however, the originatingRTM address is typically not required. It is sufficient to establish acommunications pathway of arbitrary complexity between the messageoriginator 110 and the message recipient 114 terminal devices. Often theoriginating RTM address is provided in the call initiation packets, butin the same way that an unlisted telephone number shows up as ‘privatenumber’ on a call display device, this is not required.

In accordance with an embodiment of the present invention, FIG. 1 showsone or more message originators 110 and message recipients 114 connectedvia an RTM capable network. Signing and verifying gateways 111, 113 areillustrated as separate network nodes through which all RTM networktraffic for the message originator 110 and the message recipient 114must pass, respectively. However, persons of ordinary skill in the artwill appreciate that signing and verifying gateways 111, 113 may resideelsewhere, such as within originating and recipient terminal devices110, 114 themselves or within network infrastructure nodes.

It should be noted that the message traffic illustrated as 101-104refers, in this embodiment, to the messaging involved in establishing aRTM communications session rather than the content (i.e. video or audiodata) of the session. Cryptographic signing or encryption, or markingvia source IP address of the content of the RTM message may be used asan alternative to using the call set up information as described here.

Though signing gateway 111 and verifying gateway 113 are illustrated ascommunicating with the public key store 115 and reputation informationstore 116 outside RTM capable network 112, some or all of suchcommunications may be within such network 112. The signing gateway 111may be any device that relays call initiation requests from a terminaldevice, e.g., the message originator 110, and signs the relayed callinitiation message with the private key of the signing entity, or anyfunction that signs or otherwise marks, such as with a source IPaddress, the initiation requests. Similarly, the verifying gateway 113may be any device that relays incoming call initiation requests to aterminal device, e.g., the message recipient 114, and verifies thecryptographic signature on the initiation message with the public key ofthe signing entity, or any function that verifies the signature, mark ororigin of the initiation requests.

In the flow of events diagrammed in FIG. 1, the message originator 110wishes to engage the message recipient 114 in RTM communications eitherby establishing a new RTM call or by adding the recipient to an existingRTM call.

The message recipient 114 wishes to be solicited to engage in an RTMcall only if the message originator 110 wishes to exchange informationthat is of interest to the message recipient 114. As a surrogate forknowing if an incoming call is of interest to the message recipient, thereputation of the message originator is used to decide whether anincoming call should be signaled to the message recipient 114 or whetherit should be filtered in some way.

The steps involved in this system begin with the message originator 110sending a RTM call set up request to a related signing gateway 111.

The signing gateway 111 is associated with the message originator 110through some relationship in the real world. The preferred relationshipis that the signing gateway 111 represents a company and that themessage originator 110 works for that company. Other reasonablerelationships would be that the signing gateway represents a singleindividual, or that the signing gateway 111 represents a serviceprovider and that the message originator has a contract with the serviceprovider to provide RTM service.

Typically there would be an authentication mechanism (not shown), suchas an access control list or a shared encryption key that would limitthe set of message originators 110 that would be able to have any givensigning gateway 111 sign call set up messages.

In this embodiment, the signing gateway 111 has at least onepublic/private key pair available to it for signing messages. The keypair may have been generated by the signing gateway 111 or given to itvia a configuration mechanism. The public key is made available to theverifying gateway 113 when it is required to verify the digitalsignature on the received call set up request.

The public key may be made available to the verifying gateway 113 bystoring it in a public key store 115, or by passing it with the messageto be verified or as part of the communication session that transfersthe message to be verified to the verifying gateway. The public keystore 115 may be, for example, a storage device that is communicativelyaccessible to the message originator 110 and the message recipient 114.In an embodiment, the public key store 115 is communicatively coupled tothe RTM network. In another embodiment, the message originator 110and/or the message recipient 114 accesses the public key store 115 viaout-of-band mechanisms such as the Internet DNS mechanism, Internet HTTPaccess, or the like. The public key store 115 may also comprise bulkstorage of public keys on a CD-ROM distributed by conventional mail.

It should be noted that the use of public key technology is provided forillustrative purposes only and that other technologies may be used. Forexample, the signing gateway, rather than signing message components,may arrange for the message components to originate from one of aspecific set of IP addresses and that the set of IP addresses from whicha legitimate RTM message from the sender would originate could be madeavailable in an IP Address Store that would always behave as the PublicKey Store 115 described for this embodiment, except that it would storeIP address information rather than public keys.

In the case of a network addressable public key store 115 as illustratedin FIG. 1, the signing gateway may communicate the public key to thepublic key store 105. Alternatively, the public key store may bepopulated by an outside agency, such as a user, to load both the publickey in the public key store 115 and the private key in the signinggateway 111.

If a separate public key store 115 is used to pass the public key to theverifying gateway 113, the public key store 115 could be accessed by theverifying gateway 113 via a standard Internet protocol. The preferredprotocol would be DNS, which is tuned to respond quickly to smallqueries. Alternatively, remote procedure calls of one form or another(e.g., HTTP) could be used. As a further example, public keys could bedistributed by some non-network related mechanism and loaded into alocal key store residing in the same device that contains the verifyinggateway 113.

The public key is preferably associated in some verifiable way with thesigning gateway 111, or more specifically the real world entity (such asa corporation or service provider) that the signing gateway is acting onbehalf of.

In this embodiment of the invention, the signing gateway 111 isdescribed as acting on the behalf of a single entity. In otherembodiments it could reasonably be acting on behalf of severalorganizational entities simultaneously, or in fact it couldsimultaneously act on behalf of each individual sender within a numberof organizations.

If the public key is passed as part of the message, an association maybe made via an X.509 digital certificate chain where an identifier(typically an URL) is bound to a public key via a digital signatureinvolving public keys that are chained together via digital signaturesup to a public key associated with a root certificate that is typicallyloaded via a configuration interface into the verifying gateway 113. Inthis case the corporation that owns the root certificate in the chain isguaranteeing that the name and the public key are legitimately boundtogether. This type of name/public key association is described indetail in Digital Certificates: Applied Internet Security, Jalal Feghhi,Jalil Feghhi, Peter Williams, Addison Wesley Longman, Inc, 1998, whichis incorporated herein by reference.

If the public key is passed via a network accessible out of band publickey store 115 the association can be made by one of the standardInternet mechanisms such as an SSL with X.509 certificates for an HTTPaccess or by fetching the public key from a DNS server that isauthoritative for the DNS domain owned by the real world entity. In thelatter case the association may not be as cryptographically secure, butthe DNS infrastructure has proved relatively immune to spoofing andtherefore could be adequate in this case.

The signing gateway 111 digitally signs the call set up request (orparts therof) using a message digest function and encrypts the messagedigest with the private key of the public/private key pair as is wellknown standard practice. The digital signature is typically included aspart of the message, but it may be passed separately as part of the samecommunications session. Alternatively or additionally, the signinggateway may encrypt the call initiation request using the public key, orsend it from a specific IP address to mark it for the verifying gateway.

Similarly, an identifier associated with the real world entity for whichthe signing gateway 111 is acting and to be used as a look up key withan out of band public key store 115 is typically included with thesigned message, but may be passed separately as part of the samecommunications session. Typically this identifier would be a standardInternet universal resource locator (URL).

The signing gateway 111 then passes the call set up request to theverifying gateway 113 via an RTM capable network 112 such as theInternet. This transmission is labeled 102 and 103 in FIG. 1.

The verifying gateway 113 first obtains the public key of thepublic/private key pair used by the signing gateway to sign the call setup requests using one of the mechanisms described above. It thenverifies that the set up request has been signed with the private keyassociated with this public key.

If the call set up request is correctly signed, the verifying gateway113 retrieves information regarding the real world entity for which thesigning gateway digitally signed the call set up message from areputation information store 116. The reputation information store 116is preferably an information store that is updated with informationregarding the behavior of one or more message originators, signinggateways or relaying component that could be part of the transmissionpath for an RTM message that arrives at the verifying gateway 113. Thereputation information store 116 may, for example, be connected to theRTM network, available via an alternate network, local to the verifyinggateway 113, or the like. The information in the reputation informationstore 116 may describe the behavior observed over one or moretransmitted messages or over as few as a single message. The reputationinformation store 116 may, for example, include information about senderbehavior that is directly observed in some way, such as observationsthat a particular sender sent unsolicited RTM messages to a honeypot orsensor address. A honeypot or sensor address, for example, may be anaddress that does not correspond to an actual person, but rather iscreated for the purpose of receiving unsolicited RTM messages. The useof sensor addresses to collect information regarding sender behavior isdiscussed in U.S. patent application Ser. No. 11/019,092, filed on Dec.21, 2004, entitled Method and Apparatus for Controlling UnsolicitedMessaging, which is incorporated herein by reference. The reputationinformation store 116 may also include indirect measures of reputation,such as the fact that a given sender has registered with a ‘bondingauthority’ and has put money in trust to be distributed by the bondingauthority to recipients of its RTM messages that the recipientinterprets as unsolicitied and undesireable RTM messages.

The verifying gateway 113 may retrieve information from the reputationinformation store 116 using, for example, the same identifier (e.g.,URL) that was used to locate the public key in the public key store 115,an identifier accompanying the message (e.g., included in an X.509certificate), the public key itself, some other cryptographic signaturerelated measure that may be attached by the sender to aid in senderidentification, or the like. The information may also be indexed by anoriginating IP address or other call set up or message relatedcharacteristics. It should be noted that the reputation informationstore 116 may be indexed by message related characteristics that are notnecessarily related to true sender identification, but rather to messagecharacteristics, which may, in fact, have been added by the sender todeliberately obscure the identification of the true sender. Examples ofthe latter would be patterns in specific lines of the request, theoriginating IP address and checksums of call set up or message packetsor of components (e.g., individual lines or preprocessed lines) of suchpackets.

In an embodiment, the reputation information store 116 is provided by athird party to store information regarding RTM message senders. Inanother embodiment, the reputation information store 116 is provided bya sending entity, such as a corporation, a university, or the like, toprovide public visibility for message characteristics, such as a list ofvalid originating IP addresses, that the sending entity warrants that alegitimate message from it will have. In this embodiment, the validityof the reputation information store 116 itself may be determined via amechanism such as the X.509 certificate chains used to secure Internetshopping sites or the DNS mechanism used to associate Internet sitenames (URLs) with IP addresses.

Thus the marking of a call initiation request by digital signature,modification or addition of an originating IP address as describedabove, or public key encryption used in place of just using digitalsignatures as described in this embodiment, provides a mechanism forverifying an origination characteristic relates to the real world sourceof the request and may directly or indirectly identify at least one of:an entity associated with the marking the call initiation requests; amessage originator originating the call initiation requests; and anaffiliation of the message originator. Such may be indicated by URL, IPaddress, domain name and other network information. Persons of ordinaryskill in the art will appreciate that other information may indicateorigination.

Within the reputation store there may be information grouped by realworld entity, by identifier and by public key, or by messagecharacteristics such as patterns in specific lines. A real world entitymay have several identifiers associated with it and an identifier maywell be associated with several public/private key pairs.

The reputation information store 116 returns information (for examplepreviously observed behavior) about signing gateways that are associatedwith the identifier (and by implication with a specific real worldentity) or that used the private key associated with the public key usedin the reputation lookup to sign RTM call set up requests.

Note that this embodiment describes a single reputation store. Otherembodiments may use several reputation stores, such as the ‘bondingauthority’ scenario described above, or even a reputation store persender, such as where the sender has assertions he wishes to make abouthis own behavior and there is a way, such as third party measurements,of determining some measure of how valid his assertions are.

One example of information that may be collected and stored in thereputation information store would be connection requests that have beenmade on a set of sensor RTM URLs that have been made available on websites for spammers to collect, but do not represent real people. If anyof these connection requests use a public key found in the reputationinformation store 116, the conclusion can be drawn that public/privatekey pair is being used by a spammer.

Another example of information that may be collected and stored in thereputation information store 116 is a count of the number of requestsmade by verifying gateways for that particular real world entity,identifier or public key. If a plurality of reputation stores worktogether to propagate these counts to each other, a measure of theamount of traffic being generated by that real world entity, identifieror public key could be obtained and used to make judgments about thesender.

A third example of information that may be collected and stored in thereputation information store 116 would be that if the identifier was inthe form of an URL, to try to connect to that URL via TLS and see if theURL provides a valid X.509 certificate.

The information returned by the reputation information store 116 is thenused by the verifying gateway 113 to choose a policy action which wouldtypically be to accept, not accept, pass on to a RTM message store or tootherwise filter or act on the call set up request.

If the call set up request is not signed, or if the signature cannot besuccessfully validated, that fact also provides (a more limited amountof) information on which a policy decision can be based.

By way of example a policy might be that if a connection request is madefrom a commercial entity to an URL that is associated with receivingbusiness communications and the time is outside of normal work hours,the call set up request might be forwarded to a business related RTMmessage store.

A second example of a policy would be that if an unsigned call set uprequest was received, a challenge-response interaction might be enactedwith the message originator. To provide more detail, with respect to theconcept of a challenge-response interaction, if the incoming callrequest involved a voice channel, the voice message ‘please enter ’0‘tocomplete your call’ could be played and if the DTMF (Dual ToneMulti-Frequency) tone pair for the keypad “0” is detected the call isput through. Otherwise a message could be played saying that the callcould not be connected and the call dropped. This could happenautomatically without the message recipient being notified of the callset up request (i.e. without a VoIP phone ringing).

A third example of a policy involves reputation information beingderived directly from the behavior of the message originator. If amessage originator sends several call set up requests for severalnonexistent message recipient URL's within a short time span, and thensends a call set up request for an existing message recipient URL, theresponse ‘no such user’ could be returned on the assumption that themessage originator was executing a dictionary attack using constructedURL's. Further the detection of a dictionary attack could be forwardedto a reputation store so that other connections from that source couldbe recognized as probable attacks on the first connection attempt.

The final step in the process is for the verifying gateway to enforcethe selected policy action and to complete, reject or to filter theincoming call set up request.

Although the present invention and its advantages have been described indetail, it should be understood that various changes, substitutions andalterations can be made herein without departing from the spirit andscope of the invention as defined by the appended claims. Moreover, thescope of the present application is not intended to be limited to theparticular embodiments of the process, machine, manufacture, compositionof matter, means, methods and steps described in the specification. Asone of ordinary skill in the art will readily appreciate from thedisclosure of the present invention, processes, machines, manufacture,compositions of matter, means, methods, or steps, presently existing orlater to be developed, that perform substantially the same function orachieve substantially the same result as the corresponding embodimentsdescribed herein may be utilized according to the present invention.Accordingly, the appended claims are intended to include within theirscope such processes, machines, manufacture, compositions of matter,means, methods, or steps.

1. A method for controlling unsolicited messaging in a real timemessaging (RTM) network, the method comprising: receiving a callinitiation request from a first terminal device coupled to the RTMnetwork; marking the call initiation request on behalf of the firstterminal device to identify an origination characteristic of theinitiation request, generating a marked call initiation request;transmitting the marked call initiation request on the RTM network fordelivery to one or more second terminal devices coupled to the RTMnetwork; verifying the marked call initiation request on behalf of atleast one of the second terminal devices to determine the originationcharacteristics of the marked call initiation request; determining adelivery action in response to the verifying; delivering the marked callinitiation request in accordance with the delivery action; anddetermining a reputation associated with the call initiation request inresponse to the origination characteristic and wherein the determining adelivery action is responsive to the reputation.
 2. The method of claim1, wherein the marking comprises applying a digital signature to thecall initiation request.
 3. The method of claim 2, wherein the applyinga digital signature to the call initiation request comprises: creating amessage digest of the call initiation request; applying a private key ofa public/private key pair to the message digest to generate the digitalsignature; and providing a public key of the public/private key pair forverifying the digital signature.
 4. The method of claim 1, wherein themarking comprises applying an originating internet protocol (IP) addressto the call initiation request or portions of the call initiationrequest.
 5. The method of claim 4, where a set of legitimate originatingIP addresses are provided via a publicly available IP address store. 6.The method of claim 1, wherein the marking comprises encrypting the callinitiation request.
 7. The method of claim 6, wherein the encrypting thecall initiation request comprises: applying a private key of apublic/private key pair to the call initiation request to encrypt thecall initiation request for transmitting; and providing a public key ofthe public/private key pair for decrypting and verifying the callinitiation request.
 8. The method of claim 7, wherein the providing apublic key comprises providing the public key to a public key store forelectronic retrieval.
 9. The method of claim 1, wherein the originationcharacteristic identifies at least one of an entity associated with thecall initiation requests, a message originator originating the callinitiation requests, and an affiliation of the message originator. 10.The method of claim 1, wherein the RTM network is configured to provideat least one of voice over internet protocol (VOIP) services, instantmessaging (IM) services, and video conferencing services.
 11. The methodof claim 1, wherein the determining a respective reputation comprisesretrieving the reputation from one or more stores of reputationinformation in response to the origination characteristic.
 12. Themethod of claim 1, wherein the determining a delivery action comprisesapplying a policy in response to the reputation, the policy definingrules for directing a delivery of the call initiation request.
 13. Themethod of claim 1, wherein the delivery action comprises at least one ofcompleting the delivery of the call initiation request, rejecting thedelivery of the call initiation request, and filtering the callinitiation request.
 14. The method of claim 13, wherein the filteringthe call initiation request comprises at least one of interacting withthe first terminal device of the call initiation request and taking amessage from the first terminal device.
 15. A method for controllingunsolicited messaging in a real time messaging (RTM) network, the methodcomprising: verifying an origination of a call initiation request onbehalf of a first terminal device, the verifying being performed atleast in part using marks included in the call initiation request thatidentifies an origination characteristic of the call initiation request;determining a delivery action in response to the verifying, wherein thedetermining includes determining a reputation associated with theorigination and wherein the determining a delivery action is responsiveto the reputation; and delivering the call initiation requests inaccordance with the delivery action.
 16. The method of claim 15, whereinthe verifying is performed at least in part by verifying a digitalsignature associated with at least a portion of the call initiationrequest.
 17. The method of claim 15, wherein the verifying is performedat least in part by verifying an originating internet protocol (IP)address.
 18. The method of claim 15, wherein the verifying is performedat least in part by verifying an encrypted call initiation request orencrypted portion thereof.
 19. The method of claim 15, wherein theorigination identifies at least one of an entity associated with themarking of the call initiation requests, a message originatororiginating the call initiation requests, and an affiliation of themessage originator.
 20. The method of claim 15, wherein the verifyingcomprises using a public key to validate a digital signature.
 21. Themethod of claim 15, wherein the determining a reputation comprisesretrieving the reputation from one or more stores of reputationinformation associated with the origination or marking of the callinitiation.
 22. The method of claim 15, wherein the determining areputation comprises retrieving the reputation from one or more storesof reputation information associated with the call initiation request.23. The method of claim 15, wherein the determining a delivery actioncomprises applying a policy in response to the reputation, the policydefining rules for directing a delivery of the call initiation request.24. The method of claim 15, wherein the delivery action comprises atleast one of completing the delivery of the call initiation request,rejecting the delivery of the call initiation request, and filtering thecall initiation request.
 25. The method of claim 24, wherein thefiltering the call initiation request comprises at least one ofinteracting with a second terminal device associated with the callinitiation request; and taking a message from the second terminaldevice, wherein the second terminal device is associated with theorigination of the call initiation request.
 26. The method of claim 15,wherein the RTM network is configured to provide at least one of voiceover internet protocol (VOIP) services, instant messaging (IM) services,and video conferencing services.
 27. A system for controllingunsolicited messaging in a real time messaging (RTM) network, the systemcomprising: a signing gateway communicatively coupled to one or moremessage originators and to the RTM network, the signing gateway beingconfigured to receive a call initiation request from a first messageoriginator, mark the call initiation request to generate a signed callinitiation request, and relay the signed call initiation request to theRTM network on behalf the first message originator, the signed callinitiation request identifying an origination characteristic of the callinitiation request; a verifying gateway communicatively coupled to theRTM network and one or more message recipients, the verifying gatewaybeing configured to receive the signed call initiation request, verifythe signed call initiation request on behalf of at least one messagerecipient to determine the origination characteristic, and determine adelivery action to selectively deliver the signed call initiationrequest in response to the origination characteristic; and one or morereputation information stores communicatively coupled to the verifyinggateway, the reputation information stores comprising reputationinformation for at least some of the message originators, wherein theverifying gateway is configured to determine a reputation for themessage originator associated with the signed call initiation requestand to selectively deliver the signed call initiation request inresponse to the reputation.
 28. The system of claim 27, wherein thesigning gateway marks the call initiation requests with at least one ofa digital signature, an originating internet protocol (IP) address, orby encrypting a call initiation request.
 29. The system of claim 27,further comprising a public key store communicatively coupled to thesigning gateway and verifying gateway, the public key store providing apublic key of a private/public key pair to the verifying gateway, andwherein the signing gateway is configured to mark the call initiationrequest by applying a private key of the private/public key pair and theverifying gateway is configured to verify the signed call initiationrequest by applying the public key.
 30. The system of claim 27, whereinthe delivery action comprises at least one of completing the delivery ofthe call initiation request, rejecting the delivery of the callinitiation request, and filtering the call initiation request.
 31. Thesystem of claim 27, wherein the RTM network is configured to provide atleast one of voice over internet protocol (VOIP) services, instantmessaging (IM) services, and video conferencing services.